Dropbox details security breach, says two-step authentication and other security boosts on the way

In a post on its blog, Dropbox has detailed a recent security breach in which a ‘small number’ of accounts were accessed without authorization. The breach was caused by passwords stolen from ‘other websites’, says Dropbox’s Aditya Agarwal.

One of the accounts accessed belonged to an employee and contained a document with user email addresses. The spam that followed was one of the first warning signs that something was wrong. The company then hired outside investigators to figure out exactly what was going on. Agarwal says that checks have been put in place to stop something like this from happening again, presumably by not storing customer info in employee Dropboxes.

In some cases, we may require you to change your password. (For example, if it’s commonly used or hasn’t been changed in a long time.)

Obviously, if these users had not been using the same password on multiple websites, this wouldn’t have been an issue for Dropbox. We never recommend that you use a password on more than one online service, for exactly this reason.

Agarwal mentions that apps like 1Password can help you to store strong, if forgettable, passwords. Dropbox has directly contacted the users whose accounts were accessed and helped them protect those accounts for the future.